Academic journal article Journal of Positive Management

The Impact of Positive Organisational Culture Values on Information Security Management in the Company

Academic journal article Journal of Positive Management

The Impact of Positive Organisational Culture Values on Information Security Management in the Company

Article excerpt

1. Introduction

The information is increasingly recognised as a basic product, without which most of the today's businesses cannot function. Unfortunately, in the world of new technologies, in which we live, the information is much more vulnerable than ever before. Storing and processing large amounts of data in the electronic form creates a lot of doubt about the information security. Therefore, in recent time, the issues related to the information security gained on importance, both among practitioners and scientists.

The recent reports on information security indicate that the number of threats increases from year to year, and the employees become the main source of the attack. This trend may be mainly due to the fact that the companies have focused their practice of information security mostly on the technical issues. This situation forces the today's companies to pay greater attention to the organisational issues related to the information security, like increasing the involvement of employees in order to understand the essence of the information security better.

Already in 1982, T Deal and A. Kennedy showed that the organisational culture is one of the most important factors, which determines the success or failure of the company. The organisational culture shapes the values and behaviour of the employees. There's no denying that it affects the operational activity of the company and the effectiveness of the information security practice in the company. However, for several years, the information security becomes the major concern of almost every enterprise. Initiation of the information security practices in the organisational culture is a very difficult process to implement, as it requires undertaking many actions at different organisational levels.

The article aims to identify the positive values, which influence the effectiveness of information security management. Due to the complexity of the issue, the study was conducted based on the case study. The various characteristics of the organisational culture were analysed, which impact the attributes of the information security, i.e., confidentiality, integrity and availability. The analysis of the obtained results constitutes the foundation for further studies in the field of behavioural determinants of the information security management in the company.

2. Information security and organisational culture

2.2 Information security

Information technology in today's companies play an important role, therefore it can be assumed that the information security must be a key element of modern planning and the company management. This type of security for a long time has been largely driven by the increasing growth of electronic transactions and the continuous development of the Internet. It is generally accepted that the information security means the protection against a wide range of threats in order to ensure (ISO 27002):

* operation continuity,

* minimisation of the risk and maximisation of the return of investment,

* business opportunities.

The main objective of the information security is to ensure the confidentiality, integrity and the information availability (Chang Ho, 2006). Confidentiality means the property, in which the information is not made available or disclosed to unauthorised persons. Integrity means the property, which ensures accuracy and completeness of information and the methods of its processing. While the availability ensures that the authorised people have access to information and the associated assets always when it is needed (ISO 27002:2013).

The information security is used for the protection of all valuable information resources and mitigation of threats for the information from various sources (Szczçsny, 2012). In general, information security management is directed at the creation and maintenance of the optimal information security level in the company. The mere concept of information security management is based on the control of the obtained, produced and processed information in the structure of the given company. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed


An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.